Enterprise Security, Platform Security, Software Security
Prnewswire | July 06, 2023
Safe Security, the AI-Driven Cyber Risk Management company, announced today that it has joined the Center for Threat-Informed Defense (Center), operated by MITRE Engenuity, as a Research Sponsor. This partnership will enhance the organization's ability to develop resources to protect against cyberattacks through its unique approach to public interest collaborative research and development (R&D).
"We are proud to announce our partnership with the Center as a research sponsor and are excited to share our expertise to drive cybersecurity innovation," said Vidit Baxi CISO and Co-founder at Safe Security. "The Center promotes the co-development of new tools, techniques, and strategies to address challenges in today's highly vulnerable ecosystem. This program allows us to contribute and support global community engagement efforts in understanding and communicating cyber risk. Alongside industry members, we can better articulate and mitigate cyber risks, prioritize specific threat-informed actions to prevent breaches, ultimately contributing to the advancement and improvement of cyber defense."
In 2019, MITRE Engenuity was established as a subsidiary of the MITRE Corporation amid a noticeable shift in R&D investments moving towards the private sector. Recognizing that vital industry investments may become overwhelmed in the conceptual phase without proper guidance, the subsidiary aims to ensure effective implementation through nurturing and radical collaboration. Operating within the dynamic cybersecurity landscape, MITRE Engenuity brings together experts, organizations, and investors in a non-competitive environment to foster generational impact for the public good.
SAFE's research collaboration will build on the MITRE ATT&CK® framework, forming the foundation for a threat-informed defense approach to counter the latest techniques leveraged by today's most advanced threat actors. The Center also works to provide defenders with a deep understanding of adversary tradecraft and advances in developing countermeasures to prevent, detect, and mitigate modern threats by identifying trends in attacker behavior that can inform the threat intelligence community.
Using its AI-fueled cyber risk cloud of clouds platform for predicting and preventing cyber breaches, SAFE evaluates the efficacy of cyber controls by automatically mapping common vulnerabilities and exposures (CVEs) and cyber controls across the kill chain using the MITRE ATT&CK and D3FEND frameworks. This approach enables CISOs to visualize and assess cybersecurity. Predictive data models co-developed with MIT empower CISOs to translate the bits and bytes of cyber risk into dollars and cents, allowing them to communicate these risks to the board effectively and all risk stakeholders.
SAFE delivers a data-driven, real-time solution for measuring, managing, and mitigating cyber risk. It gives organizations an aggregated view of enterprise security risk by collating disparate cyber signals for single visibility across their attack surface, technology, people, and third parties. SAFE is dedicated to working with the Center in its continuous efforts to make meaningful contributions to the cybersecurity community, enabling organizations to move from a reactive state to a predictive posture to understand the likelihood of different cyber risk scenarios.
"The Center for Threat-Informed Defense serves as a hub for top-tier security teams worldwide to collaborate on identifying and resolving the most pressing challenges confronting cyber defenders," said Jonathan Baker, Co-Founder and Director of the Center for Threat-Informed Defense. "We are thrilled to have Safe Security on board as we strengthen our collective understanding of adversary behaviors and our ability to thwart cyber attacks."
About The Center for Threat-Informed Defense
The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The center's mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the center builds on MITRE ATT&CK, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the center operates for the public good, outputs of its research and development are available publicly and for the benefit of all. For more information, contact ctid@mitre-engenuity.org.
About Safe Security
Safe Security is the leader in cyber risk management SaaS platforms. It has redefined cyber risk measurement and management with its real time, data-driven approach that empowers enterprise leaders, regulators, and cyber insurance carriers to understand cyber risk in an aggregated and granular manner. Using SAFE's predictive AI-driven data models, co-developed with MIT, customers are now empowered to translate the bits and bytes of cyber risk into dollars and cents so that they can prioritize their cyber investments to most effectively mitigate their risk and understand the return on security investments. Having raised over $100M, Safe is growing over 200% year over year, consecutively for the last three years and serves some of the largest global enterprises.
Read More
Platform Security, Software Security, API Security
Businesswire | June 28, 2023
Cequence Security, the leader in API Protection, today announced new updates to the Unified API Protection (UAP) platform that strengthen customers’ ability to discover, manage risk and protect APIs. With the latest capabilities, organizations can rapidly deploy API Security Testing with built-in generative AI automation, protect users from online fraud and operationalize security findings with low-code/no-code workflows.
“We are always exploring ways to further automate and improve our UAP solution and help our customers consolidate the tools required to stay ahead of the threat actors,” said Ameya Talwalkar, founder and CEO. “The updates to our platform continue to set us apart from other point solution vendors in the API security space as we are providing our customers with the only integrated best-of-suite approach to discover, comply, test and protect their APIs.”
“Today, we are also excited to share we are the first API security vendor to take advantage of the game-changing Generative AI and no-code security automation within our UAP solution to better protect users from online fraud and simplify security findings,” continued Talwalkar.
Enhance API Security Testing with Generative AI
With the enormous potential of generative AI tools like ChatGPT and Google Bard, Cequence is one of the first cybersecurity companies and the first API Protection company to leverage its power to protect data and users from bad actors. Cequence has added several new capabilities to API Security Testing, including Test Plan generation using a new feature called Intelligent Mode that helps automate the generation of API Security Test Plans using plain English, extending the low-code/no-code approach to test case generation. Cequence UAP's Intelligent Mode automatically associates the appropriate APIs with the right test cases, given the functionality of that API. This not only drastically reduces the time needed to create a test plan to minutes, as compared to months with other solutions, it also ensures consistent experience across a customer's entire applications and environments.
Several other enhancements include detailed insights and remediation workflows into test failures. The test catalog now has test cases for the latest OWASP API Top 10 2023. Cequence also empowers InfoSec teams to run API tests outside of CI/CD pipelines, and instead, point attack test suites directly against staging or even production servers.
New Fraud Prevention Capabilities
To enable organizations to protect their APIs from online fraud, Cequence has introduced the Fraud Prevention module in API Spartan. The new module enables organizations to protect their end-customers from online fraud and instantly take action, including blocking transactions and generating enterprise-grade notifications to relevant teams.
Protecting applications and users against online fraud complements the existing capabilities of Cequence to detect and block business logic abuse, account takeover (ATO) attempts, common OWASP API Top 10 security risks and automated malicious traffic.
Operationalize API Protection with Low-Code/No-Code Security Automation
Cequence has introduced out-of-the-box integrations with over 300 third-party apps, including ServiceNow, PagerDuty, JIRA and Slack. Using off-the-shelf connections to these apps, security analysts can ensure security risks or threats are routed promptly to their business teams for remediation.
Security analysts can use a low-code/no-code approach within Cequence to implement the equivalent of an API Security Orchestration and Response (SOAR) workflow, wiring together multiple third-party connections to achieve their desired outcomes. Using this approach, analysts can operationalize workflows that promptly remediate critical API security risks, such as the discovery of shadow APIs that have access to sensitive data and new security risks of weak authentication or non-conformance to OpenAPI specifications in newly built pre-production CI/CD pipelines.
Enhanced Visibility of External Facing APIs with API Spyder
New enhancements to API Spyder enable customers to easily identify APIs that are externally accessible, but not entirely protected by Cloud Security Posture Management (CSPM) infrastructure. Additionally, this approach offers a seamless complement to API Sentinel's deep insights into runtime API inventory and compliance checking using the OWASP API Security Top 10 and other custom risk categories.
With the latest Unified API Protection platform updates, organizations can now protect their users from online fraud, operationalize security findings with low-code/no-code API SOAR-like workflows and rapidly deploy API Security Testing with built-in Generative AI automation. These capabilities continue to set Cequence apart from other point API security, bot management, anti-fraud and WAF vendors by having the industry’s first and only Unified API Protection platform that covers the entire API lifecycle. With UAP, customers can discover with API Spyder, comply with API Sentinel and protect with API Spartan.
About Cequence Security
Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory, compliance, dynamic testing with real-time detection and native mitigation to defend against fraud, business logic attacks, exploits and unintended data leakage. Cequence Security secures more than 6 billion API transactions a day and protects more than 2 billion user accounts across our Fortune 500 customers. Learn more at www.cequence.ai.
Read More
Enterprise Security, Platform Security, Software Security
GlobeNewswire | August 21, 2023
ZeroFox, (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, announced today that it was recognized as a technology leader in the 2023 Quadrant SPARK Matrix ™ for Digital Risk Protection by Quadrant Knowledge Solutions. This recognition comes on the heels of other recent accolades in the DRP space, further solidifying the company’s position on the forefront of innovation for digital risk protection.
The SPARK Matrix™ from Quadrant Knowledge Solutions provides an in-depth analysis of the Digital Risk Protection landscape, including trends, the overall vendor landscape and the market. By ranking the vendors featured in the analysis, the SPARK Matrix ™ provides insights that allow companies to compare the potential capabilities – and the market position – of each company they would partner with in a more strategic way.
"In the age of rapid digital transformation, enterprises face complex challenges in safeguarding their external attack surface. Amidst evolving threats from every corner of the web – whether the surface, deep, or dark – ZeroFox has combined the strength of AI and full-spectrum threat intelligence to power solutions for digital risk protection. This empowers security teams to stay ahead of potential threats and shield their online footprint in our dynamic digital world," said John Prestridge, Chief Product Officer at ZeroFox. "Being named a technology leader in Quadrant Knowledge Solutions’ SPARK Matrix™ for Digital Risk Protection speaks volumes about our team's unwavering commitment and passion for protecting our customers. We're deeply honored by the acknowledgment of our continuous dedication to the industry."
“With its sophisticated technology platform, comprehensive functional capabilities, and roadmap, ZeroFox is well-positioned to maintain and grow its share in the DRP market,” Akshay Parmar, Analyst at Quadrant Knowledge Solutions notes in the report. The report notes “several key differentiators for ZeroFox’s External Cybersecurity Platform, including the recent launch of FoxGPT – which showcases the practical implementation of generative AI in addressing challenges within the cyber threat intelligence domain. Another is the team’s Threat Intelligence and Attack Surface Management solutions, both of which help the team to detect brand or executive impersonations, safeguard domains, detect phishing URLs, monitor brand mentions and negative sentiment, as well as identify data leaks and attack chatter on the deep and dark web.”
This recognition for ZeroFox as a leader in Digital Risk Protection from Quadrant Knowledge Solutions is a special accolade for the team – but not the first. ZeroFox was also a winner of the 2023 Global Infosec Awards for Most Comprehensive in the Digital Risk Protection category. The team was also recognized with the 2022 Frost & Sullivan Global Competitive Strategy Leadership Award, which highlighted ZeroFox’s leadership and exceptional strategic innovation and customer impact.
About Quadrant Knowledge Solutions
Quadrant Knowledge Solutions is a global advisory and consulting firm focused on helping clients in achieving business transformation goals with Strategic Business and Growth advisory services. At Quadrant Knowledge Solutions, our vision is to become an integral part of our client's business as a strategic knowledge partner. Our research and consulting deliverables are designed to provide comprehensive information and strategic insights for helping clients formulate growth strategies to survive and thrive in ever-changing business environments.
About ZeroFox
ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit www.zerofox.com for more information.
Read More